if ($_SERVER["REQUEST_METHOD"]=="POST") {
$secret_key = "MERCHANT SECRET KEY";
$merchant_id = $_POST['merchant_id'];
$merchant_reference_id = $_POST['merchant_reference_id'];
$Paybolt_reference_id = $_POST['paybolt_reference_id'];
$response_code = $_POST['response_code'];
$currency = $_POST['currency'];
$amount = $_POST['amount'];
$signature = $_POST['signature'];
$signature_algorithm = $_POST['signature_algorithm'];
$dataToBeHashed = $secret_key
$utfString = mb_convert_encoding($dataToBeHashed, "UTF-8");
$check_signature = sha1($utfString, false); if ($signature == $check_signature) {
// check if merchant_reference_id has not been marked as paid before this
// check if merchant_id is your merchant_id
// check if amount and currency are correct
// signature does not matched